Re: ICMP Query!!!

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Mon, 15 Nov 2010 11:16:03 +0000

Tyson,

I know, this topic should have long been put to bed - but it's nice to dabble
over these things every once in a while and glean other perspectives while
doing so. So, I think we are getting into semantics here - Control Plane
Protocols vs Control Plane Traffic.

So my reference to ICMP of not being possible to match using NBAR is only to
point out that if the traffic (ICMP) in question is in fact destined to a
router's IP address, it would not be possibly matched using NBAR. NBAR uses
IP CEF to match on most (if not all) protocols and IP CEF operates on the
Data Plane, mostly on transit traffic, as I understand it. Hence when the
traffic is destined to the router's CPU (which is another argument point,
since even Data Plane traffic also does hit the CPU, although minimally), IP
CEF does not match it. This is strictly my conjecture here so please don't
get me wrong - I am not quoting any reference.

To me, Control Plane TRAFFIC is just traffic that chokes up a router. I have
great respect for Yusuf Bhaiji and his text, but your quote of saying
"control plane is that it consists of protocols that help to "glue the
network together"" has arguably too much limitation. I do not think Control
Plane is limited to *ONLY* protocols "that glue the network together". RADIUS
and TACACS for example are definitely Control Plane Protocols, they are
certainly not involved in building the network. Neither is RADIUS (for
certain) part of a router's priority queue for example.

To me, once I hear "Control Plane Traffic or Protocol", I start thinking of
stuff like CDP, ARP, Routing Protocols, STP, EAP/EAPoL, IGMP, etc, y'know.
Although it starts to get specific to platforms now - routers vs switches!
I'm sure you get my point anyway.

Hope that does not start off another branch of the argument here... :-)

Sadiq

On Sun, Nov 14, 2010 at 10:59 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:

> Sadiq,
>
> Only two protocols work with NBAR classification with control plane
> policing, PPPOE and ARP. That doesn't make other protocols by definition
> control plane protocols. Personally I think the response by Paul to be the
> most precise and to the point, even if he said ICMP instead of IGMP, in
> describing control plane protocols. But at the end of the day the most
> important fact is that ICMP traffic can affect the control plane of the
> router and thus measures should be taken to protect the router.
>
> When I read the statement below it says (in my view) ICMP, IP traffic with
> IP options, and others "MIGHT" require handling by the route processor.
> This traffic that might require processing by the route processor is often
> referred to as control plane traffic.
>
> To me it doesn't say that ICMP and IP traffic with IP options is control
> plane traffic but that it might require processing at the control plane.
> Thus Control Plane protection mechanisms should be put in place to prevent
> such security risks.
>
> It still does not say to me that ICMP is by definition control plane
> traffic. But I think that my view is up for debate which has been more
> than evident by this string of emails.
>
> CCIE Kid I hope the purpose of your request has been answered by all of
> this. And you can also see just how bull headed we all are :-)
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: tscott_at_ipexpert.com
>
> From: Sadiq Yakasai [mailto:sadiqtanko_at_gmail.com]
> Sent: Saturday, November 13, 2010 4:04 PM
> To: ron wilkerson
> Cc: Tyson Scott; negron.paul_at_gmail.com; tron_at_huapi.ba.ar;
> eliteccie_at_gmail.com; ccielab_at_groupstudy.com
> Subject: Re: ICMP Query!!!
>
>
>
> Exactly!
>
> "The vast majority of packets handled by a router travel through the router
> by way of the forwarding plane, or data plane. However, the system's route
> processor must handle certain packets, such as routing protocols,
> keepalives, packets destined to the local IP addresses of the router, and
> packets from management protocols and other interactive access protocols,
> such as Telnet and Secure Shell (SSH) Protocol. In addition, packets from
> protocols such as Internet Control Message Protocol (ICMP), with IP
> options, and others, might require handling by the route processor as well.
> This type of traffic is often referred to as control plane traffic."
>
> This is the same reason why using NBAR for ICMP classification when
> configuring COPP does NOT work. You need to use an ACL in a class-map to
> perform such classification. Very expensive lesson for me ;-)
>
> ICMP terminating on a router, is indeed Control Plane traffic.
>
> Sadiq
>
> On Sat, Nov 13, 2010 at 8:30 PM, ron wilkerson <ron.wilkerson_at_gmail.com>
> wrote:
>
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd805ffde8.html
>
> read the 4th paragraph.
>
> On Sat, Nov 13, 2010 at 3:24 PM, Tyson Scott
> <tyson.scott_at_advtechracks.com> wrote:
>
> > ICMP is not control plane traffic. ICMP unreachables go to the CEF
> > exception for example. Consider the control plane as protocols that
> > glue the network together. ICMP traffic to the router go to the host
> > control plane because of being directed to the device thus it must
> > handle it. ICMP is data traffic that may be used for management
> > purposes
> >
> > Regards,
> >
> > Tyson Scott
> > CCIE # 13513 (R&S, Security, SP)
> > Managing Partner/Technical Instructor - IPexpert Inc.
> > tscott_at_ipexpert.com
> >
> >
> > ----- Reply message -----
> > From: "Paul Negron" <negron.paul_at_gmail.com>
> > Date: Sat, Nov 13, 2010 2:10 pm
> > Subject: ICMP Query!!!
> > To: "ron.wilkerson_at_gmail.com" <ron.wilkerson_at_gmail.com>, "Carlos G
> > Mendioroz" <tron_at_huapi.ba.ar>
> > Cc: "CCIE KID" <eliteccie_at_gmail.com>, "Cisco certification"
> > <ccielab_at_groupstudy.com>
> >
> >
> > Very Interesting Response.
> >
> > I guess I primarily viewed ICMP as testing the Control Plane/ Data Plane
> > with the Majority of ICMP Query types:
> >
> > * 0 = Echo Reply ("ping response")
> > * 8 = Echo Request ("ping query")
> > * 9 = Router Advertisement (RFC 1256)
> > * 10 = Router Solicitation (RFC 1256)
> > * 13 = Time Stamp Request
> > * 14 = Time Stamp Reply
> > * 17 = Address Mask Request
> > * 18 = Address Mask Reply
> >
> > I know my definition is a little Narrow but it does help differentiate
> > ICMP from protocols like RSVP, PIM, EIGRP that strictly represent Control
> > Plane from a Routing Switching perspective.
> >
> > As far as the view that because ICMP uses the CPU being a CLEAR
> > definition, this I would disagree with. What would Process Switching be
> > then? Control Plane or Data Plane activity?
> >
> > Carlos and Ron do make a good point to expand my Narrow definition
> > though. :-)
> >
> > Paul
> >
> >
> > --
> > Paul Negron
> > CCIE# 14856 CCSI# 22752
> > Senior Technical Instructor
> > www.micronicstraining.com
> >
> >
> >
> > > From: <ron.wilkerson_at_gmail.com>
> > > Reply-To: <ron.wilkerson_at_gmail.com>
> > > Date: Fri, 12 Nov 2010 23:58:17 +0000
> > > To: Paul Negron <negron.paul_at_gmail.com>, Carlos G Mendioroz
> > > <tron_at_huapi.ba.ar>
> > > Cc: CCIE KID <eliteccie_at_gmail.com>, Cisco certification
> > > <ccielab_at_groupstudy.com>
> > > Subject: Re: ICMP Query!!!
> > >
> > > Agree with carlos...
> > > I've always thought of control plane as anything that the cpu has to
> > > look at.
> > > Some icmp packets require the cpu, so I'd classify those icmp as
> > > control plane packets.
> > >
> > >
> > > Sent from my Verizon Wireless BlackBerry
> > >
> > > -----Original Message-----
> > > From: Paul Negron <negron.paul_at_gmail.com>
> > > Sender: nobody_at_groupstudy.com
> > > Date: Fri, 12 Nov 2010 16:39:10
> > > To: Carlos G Mendioroz<tron_at_huapi.ba.ar>
> > > Reply-To: Paul Negron <negron.paul_at_gmail.com>
> > > Cc: CCIE KID<eliteccie_at_gmail.com>; Cisco certification
> > > <ccielab_at_groupstudy.com>
> > > Subject: Re: ICMP Query!!!
> > >
> > > It is true that they help convey information or make sure a path is
> > > clear to send larger packets, but ICMP is not intended to help create
> > > state within the control plane.
> > >
> > > Like I said....
> > >
> > >
> > > IGMP helps to create a path in which Traffic will use.
> > > ICMP uses the data plane that a control plane protocol created.
> > >
> > > Does anyone else have anything useful to contribute?
> > >
> > > I would always love to hear another explanation that can be useful and
> > > I'm sure CCIE KID would too, unless the "KID" already gets it.
> > >
> > >
> > > Narbik?
> > >
> > >
> > > --
> > > Paul Negron
> > > CCIE# 14856 CCSI# 22752
> > > Senior Technical Instructor
> > > www.micronicstraining.com
> > >
> > >
> > >
> > >> From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
> > >> Date: Fri, 12 Nov 2010 17:39:56 -0300
> > >> To: Paul Negron <negron.paul_at_gmail.com>
> > >> Cc: CCIE KID <eliteccie_at_gmail.com>, Cisco certification
> > >> <ccielab_at_groupstudy.com>
> > >> Subject: Re: ICMP Query!!!
> > >>
> > >> I would call ICMP redirect packets a control thing though.
> > >> And when using ICMP probes (echo request/reply) as part of a IP SLA
> > >> construct, they are a control thing too.
> > >> What about packet too big ?
> > >>
> > >> In fact, Internet Control Message Protocol sounds a lot to control :)
> > >>
> > >> -Carlos
> > >>
> > >> Paul Negron @ 10/11/2010 14:21 -0300 dixit:
> > >>> I apologize, I meant to state:
> > >>>
> > >>>> IGMP packets are used to create state on the Router that receives
> > >>>> them.
> > >>>> Since it is used to create state, it is a part of the Control Plane
> > >>>> process.
> > >>>> It joins so that trees can be built, Although it is PIM that builds
> > >>>> them.
> > >>>>
> > >>>> ICMP is generating traffic and is not associated with building
> > >>>> ANYTHING. It is considered Data Plane traffic. It uses paths that
> > >>>> have already been setup by a Control Plane Protocol, like OSPF or
> > >>>> EIGRP or PIM for that matter.
> > >>>
> > >>> I accidentally stated ICMP twice.
> > >>>
> > >>> Paul
> > >>
> > >> --
> > >> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
>
> --
> stop talking
>
> --
> CCIEx2 (R&S|Sec) #19963
>

-- 
CCIEx2 (R&S|Sec) #19963
Received on Mon Nov 15 2010 - 11:16:03 ART

This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:56 ART
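
The ACL-based classification that the thread says is needed for ICMP under CoPP, written out as an added Cisco IOS configuration example (not taken from any poster's message). The ACL, class-map and policy-map names and the police rate are assumptions chosen for illustration; the ICMP message names correspond to the query types listed in Paul's message.

```cisco
! Added example. All names and the police values are hypothetical placeholders.
!
! Classification the thread reports as NOT matching router-destined ICMP
! when used for CoPP (shown commented out for comparison):
!   class-map match-all COPP-ICMP-NBAR
!    match protocol icmp
!
! ACL covering the ICMP query types from the thread (types 8, 0, 9, 10,
! 13, 14, 17, 18), followed by a catch-all for remaining ICMP.
ip access-list extended COPP-ICMP-ACL
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any router-advertisement
 permit icmp any any router-solicitation
 permit icmp any any timestamp-request
 permit icmp any any timestamp-reply
 permit icmp any any mask-request
 permit icmp any any mask-reply
 permit icmp any any
!
! The class-map matches on the ACL rather than on an NBAR protocol.
class-map match-all COPP-ICMP
 match access-group name COPP-ICMP-ACL
!
! Rate-limit ICMP punted to the route processor; size the rate for the
! platform and its legitimate monitoring traffic (8000 bps is a placeholder).
policy-map COPP-POLICY
 class COPP-ICMP
  police 8000 1500 1500 conform-action transmit exceed-action drop
!
! Attach the policy to the aggregate control plane, inbound.
control-plane
 service-policy input COPP-POLICY
!
! Check per-class conformed and exceeded counters with:
!   show policy-map control-plane
```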